All Downloads are FREE. Search and download functionalities are using the official Maven repository.

javax.xml.crypto.dsig.XMLSignatureFactory Maven / Gradle / Ivy

The newest version!
/**
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 */
/*
 * Copyright 2005 Sun Microsystems, Inc. All rights reserved.
 */
/*
 * $Id: XMLSignatureFactory.java 1203738 2011-11-18 16:47:00Z mullan $
 */
package javax.xml.crypto.dsig;

import javax.xml.crypto.Data;
import javax.xml.crypto.MarshalException;
import javax.xml.crypto.NoSuchMechanismException;
import javax.xml.crypto.URIDereferencer;
import javax.xml.crypto.XMLStructure;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.keyinfo.KeyInfo;
import javax.xml.crypto.dsig.keyinfo.KeyInfoFactory;
import javax.xml.crypto.dsig.spec.*;
import javax.xml.crypto.dsig.dom.DOMSignContext;

import java.security.InvalidAlgorithmParameterException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.Provider;
import java.security.Security;
import java.util.List;

/**
 * A factory for creating {@link XMLSignature} objects from scratch or 
 * for unmarshalling an XMLSignature object from a corresponding
 * XML representation.
 *
 * 

XMLSignatureFactory Type

* *

Each instance of XMLSignatureFactory supports a specific * XML mechanism type. To create an XMLSignatureFactory, call one * of the static {@link #getInstance getInstance} methods, passing in the XML * mechanism type desired, for example: * *

* XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM"); *
* *

The objects that this factory produces will be based * on DOM and abide by the DOM interoperability requirements as defined in the * DOM * Mechanism Requirements section of the API overview. See the * Service * Providers section of the API overview for a list of standard mechanism * types. * *

XMLSignatureFactory implementations are registered and loaded * using the {@link java.security.Provider} mechanism. * For example, a service provider that supports the * DOM mechanism would be specified in the Provider subclass as: *

 *     put("XMLSignatureFactory.DOM", "org.example.DOMXMLSignatureFactory");
 * 
* *

An implementation MUST minimally support the default mechanism type: DOM. * *

Note that a caller must use the same XMLSignatureFactory * instance to create the XMLStructures of a particular * XMLSignature that is to be generated. The behavior is * undefined if XMLStructures from different providers or * different mechanism types are used together. * *

Also, the XMLStructures that are created by this factory * may contain state specific to the XMLSignature and are not * intended to be reusable. * *

Creating XMLSignatures from scratch

* *

Once the XMLSignatureFactory has been created, objects * can be instantiated by calling the appropriate method. For example, a * {@link Reference} instance may be created by invoking one of the * {@link #newReference newReference} methods. * *

Unmarshalling XMLSignatures from XML

* *

Alternatively, an XMLSignature may be created from an * existing XML representation by invoking the {@link #unmarshalXMLSignature * unmarshalXMLSignature} method and passing it a mechanism-specific * {@link XMLValidateContext} instance containing the XML content: * *

 * DOMValidateContext context = new DOMValidateContext(key, signatureElement);
 * XMLSignature signature = factory.unmarshalXMLSignature(context);
 * 
* * Each XMLSignatureFactory must support the required * XMLValidateContext types for that factory type, but may support * others. A DOM XMLSignatureFactory must support {@link * javax.xml.crypto.dsig.dom.DOMValidateContext} objects. * *

Signing and marshalling XMLSignatures to XML

* * Each XMLSignature created by the factory can also be * marshalled to an XML representation and signed, by invoking the * {@link XMLSignature#sign sign} method of the * {@link XMLSignature} object and passing it a mechanism-specific * {@link XMLSignContext} object containing the signing key and * marshalling parameters (see {@link DOMSignContext}). * For example: * *
 *    DOMSignContext context = new DOMSignContext(privateKey, document);
 *    signature.sign(context);
 * 
* * Concurrent Access *

The static methods of this class are guaranteed to be thread-safe. * Multiple threads may concurrently invoke the static methods defined in this * class with no ill effects. * *

However, this is not true for the non-static methods defined by this * class. Unless otherwise documented by a specific provider, threads that * need to access a single XMLSignatureFactory instance * concurrently should synchronize amongst themselves and provide the * necessary locking. Multiple threads each manipulating a different * XMLSignatureFactory instance need not synchronize. * * @author Sean Mullan * @author JSR 105 Expert Group */ public abstract class XMLSignatureFactory { private String mechanismType; private Provider provider; /** * Default constructor, for invocation by subclasses. */ protected XMLSignatureFactory() {} /** * Returns an XMLSignatureFactory that supports the * specified XML processing mechanism and representation type (ex: "DOM"). * *

This method uses the standard JCA provider lookup mechanism to * locate and instantiate an XMLSignatureFactory * implementation of the desired mechanism type. It traverses the list of * registered security Providers, starting with the most * preferred Provider. A new XMLSignatureFactory * object from the first Provider that supports the specified * mechanism is returned. * *

Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * * @param mechanismType the type of the XML processing mechanism and * representation. See the Service * Providers section of the API overview for a list of standard * mechanism types. * @return a new XMLSignatureFactory * @throws NullPointerException if mechanismType is * null * @throws NoSuchMechanismException if no Provider supports an * XMLSignatureFactory implementation for the specified * mechanism * @see Provider */ public static XMLSignatureFactory getInstance(String mechanismType) { if (mechanismType == null) { throw new NullPointerException("mechanismType cannot be null"); } return findInstance(mechanismType, null); } private static XMLSignatureFactory findInstance(String mechanismType, Provider provider) { if (provider == null) { provider = getProvider("XMLSignatureFactory", mechanismType); } Provider.Service ps = provider.getService("XMLSignatureFactory", mechanismType); if (ps == null) { throw new NoSuchMechanismException("Cannot find " + mechanismType + " mechanism type"); } try { XMLSignatureFactory fac = (XMLSignatureFactory)ps.newInstance(null); fac.mechanismType = mechanismType; fac.provider = provider; return fac; } catch (NoSuchAlgorithmException nsae) { throw new NoSuchMechanismException("Cannot find " + mechanismType + " mechanism type", nsae); } } private static Provider getProvider(String engine, String mech) { Provider[] providers = Security.getProviders(engine + "." + mech); if (providers == null) { throw new NoSuchMechanismException("Mechanism type " + mech + " not available"); } return providers[0]; } /** * Returns an XMLSignatureFactory that supports the * requested XML processing mechanism and representation type (ex: "DOM"), * as supplied by the specified provider. Note that the specified * Provider object does not have to be registered in the * provider list. * * @param mechanismType the type of the XML processing mechanism and * representation. See the Service * Providers section of the API overview for a list of standard * mechanism types. * @param provider the Provider object * @return a new XMLSignatureFactory * @throws NullPointerException if provider or * mechanismType is null * @throws NoSuchMechanismException if an XMLSignatureFactory * implementation for the specified mechanism is not available * from the specified Provider object * @see Provider */ public static XMLSignatureFactory getInstance(String mechanismType, Provider provider) { if (mechanismType == null) { throw new NullPointerException("mechanismType cannot be null"); } else if (provider == null) { throw new NullPointerException("provider cannot be null"); } return findInstance(mechanismType, provider); } /** * Returns an XMLSignatureFactory that supports the * requested XML processing mechanism and representation type (ex: "DOM"), * as supplied by the specified provider. The specified provider must be * registered in the security provider list. * *

Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * * @param mechanismType the type of the XML processing mechanism and * representation. See the Service * Providers section of the API overview for a list of standard * mechanism types. * @param provider the string name of the provider * @return a new XMLSignatureFactory * @throws NoSuchProviderException if the specified provider is not * registered in the security provider list * @throws NullPointerException if provider or * mechanismType is null * @throws NoSuchMechanismException if an XMLSignatureFactory * implementation for the specified mechanism is not * available from the specified provider * @see Provider */ public static XMLSignatureFactory getInstance(String mechanismType, String provider) throws NoSuchProviderException { if (mechanismType == null) { throw new NullPointerException("mechanismType cannot be null"); } else if (provider == null) { throw new NullPointerException("provider cannot be null"); } Provider prov = Security.getProvider(provider); if (prov == null) { throw new NoSuchProviderException("cannot find provider named " + provider); } return findInstance(mechanismType, prov); } /** * Returns an XMLSignatureFactory that supports the * default XML processing mechanism and representation type ("DOM"). * *

This method uses the standard JCA provider lookup mechanism to * locate and instantiate an XMLSignatureFactory * implementation of the default mechanism type. It traverses the list of * registered security Providers, starting with the most * preferred Provider. A new XMLSignatureFactory * object from the first Provider that supports the DOM * mechanism is returned. * *

Note that the list of registered providers may be retrieved via * the {@link Security#getProviders() Security.getProviders()} method. * * @return a new XMLSignatureFactory * @throws NoSuchMechanismException if no Provider supports an * XMLSignatureFactory implementation for the DOM * mechanism * @see Provider */ public static XMLSignatureFactory getInstance() { return getInstance("DOM"); } /** * Returns the type of the XML processing mechanism and representation * supported by this XMLSignatureFactory (ex: "DOM"). * * @return the XML processing mechanism type supported by this * XMLSignatureFactory */ public final String getMechanismType() { return mechanismType; } /** * Returns the provider of this XMLSignatureFactory. * * @return the provider of this XMLSignatureFactory */ public final Provider getProvider() { return provider; } /** * Creates an XMLSignature and initializes it with the contents * of the specified SignedInfo and KeyInfo * objects. * * @param si the signed info * @param ki the key info (may be null) * @return an XMLSignature * @throws NullPointerException if si is null */ public abstract XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki); /** * Creates an XMLSignature and initializes it with the * specified parameters. * * @param si the signed info * @param ki the key info (may be null) * @param objects a list of {@link XMLObject}s (may be empty or * null) * @param id the Id (may be null) * @param signatureValueId the SignatureValue Id (may be null) * @return an XMLSignature * @throws NullPointerException if si is null * @throws ClassCastException if any of the objects are not of * type XMLObject */ public abstract XMLSignature newXMLSignature(SignedInfo si, KeyInfo ki, List objects, String id, String signatureValueId); /** * Creates a Reference with the specified URI and digest * method. * * @param uri the reference URI (may be null) * @param dm the digest method * @return a Reference * @throws IllegalArgumentException if uri is not RFC 2396 * compliant * @throws NullPointerException if dm is null */ public abstract Reference newReference(String uri, DigestMethod dm); /** * Creates a Reference with the specified parameters. * * @param uri the reference URI (may be null) * @param dm the digest method * @param transforms a list of {@link Transform}s. The list is defensively * copied to protect against subsequent modification. May be * null or empty. * @param type the reference type, as a URI (may be null) * @param id the reference ID (may be null) * @return a Reference * @throws ClassCastException if any of the transforms are * not of type Transform * @throws IllegalArgumentException if uri is not RFC 2396 * compliant * @throws NullPointerException if dm is null */ public abstract Reference newReference(String uri, DigestMethod dm, List transforms, String type, String id); /** * Creates a Reference with the specified parameters and * pre-calculated digest value. * *

This method is useful when the digest value of a * Reference has been previously computed. See for example, * the * * OASIS-DSS (Digital Signature Services) specification. * * @param uri the reference URI (may be null) * @param dm the digest method * @param transforms a list of {@link Transform}s. The list is defensively * copied to protect against subsequent modification. May be * null or empty. * @param type the reference type, as a URI (may be null) * @param id the reference ID (may be null) * @param digestValue the digest value. The array is cloned to protect * against subsequent modification. * @return a Reference * @throws ClassCastException if any of the transforms are * not of type Transform * @throws IllegalArgumentException if uri is not RFC 2396 * compliant * @throws NullPointerException if dm or * digestValue is null */ public abstract Reference newReference(String uri, DigestMethod dm, List transforms, String type, String id, byte[] digestValue); /** * Creates a Reference with the specified parameters. * *

This method is useful when a list of transforms have already been * applied to the Reference. See for example, * the * * OASIS-DSS (Digital Signature Services) specification. * *

When an XMLSignature containing this reference is * generated, the specified transforms (if non-null) are * applied to the specified result. The * Transforms element of the resulting Reference * element is set to the concatenation of the * appliedTransforms and transforms. * * @param uri the reference URI (may be null) * @param dm the digest method * @param appliedTransforms a list of {@link Transform}s that have * already been applied. The list is defensively * copied to protect against subsequent modification. The list must * contain at least one entry. * @param result the result of processing the sequence of * appliedTransforms * @param transforms a list of {@link Transform}s that are to be applied * when generating the signature. The list is defensively copied to * protect against subsequent modification. May be null * or empty. * @param type the reference type, as a URI (may be null) * @param id the reference ID (may be null) * @return a Reference * @throws ClassCastException if any of the transforms (in either list) * are not of type Transform * @throws IllegalArgumentException if uri is not RFC 2396 * compliant or appliedTransforms is empty * @throws NullPointerException if dm, * appliedTransforms or result is * null */ public abstract Reference newReference(String uri, DigestMethod dm, List appliedTransforms, Data result, List transforms, String type, String id); /** * Creates a SignedInfo with the specified canonicalization * and signature methods, and list of one or more references. * * @param cm the canonicalization method * @param sm the signature method * @param references a list of one or more {@link Reference}s. The list is * defensively copied to protect against subsequent modification. * @return a SignedInfo * @throws ClassCastException if any of the references are not of * type Reference * @throws IllegalArgumentException if references is empty * @throws NullPointerException if any of the parameters * are null */ public abstract SignedInfo newSignedInfo(CanonicalizationMethod cm, SignatureMethod sm, List references); /** * Creates a SignedInfo with the specified parameters. * * @param cm the canonicalization method * @param sm the signature method * @param references a list of one or more {@link Reference}s. The list is * defensively copied to protect against subsequent modification. * @param id the id (may be null) * @return a SignedInfo * @throws ClassCastException if any of the references are not of * type Reference * @throws IllegalArgumentException if references is empty * @throws NullPointerException if cm, sm, or * references are null */ public abstract SignedInfo newSignedInfo(CanonicalizationMethod cm, SignatureMethod sm, List references, String id); // Object factory methods /** * Creates an XMLObject from the specified parameters. * * @param content a list of {@link XMLStructure}s. The list * is defensively copied to protect against subsequent modification. * May be null or empty. * @param id the Id (may be null) * @param mimeType the mime type (may be null) * @param encoding the encoding (may be null) * @return an XMLObject * @throws ClassCastException if content contains any * entries that are not of type {@link XMLStructure} */ public abstract XMLObject newXMLObject(List content, String id, String mimeType, String encoding); /** * Creates a Manifest containing the specified * list of {@link Reference}s. * * @param references a list of one or more References. The list * is defensively copied to protect against subsequent modification. * @return a Manifest * @throws NullPointerException if references is * null * @throws IllegalArgumentException if references is empty * @throws ClassCastException if references contains any * entries that are not of type {@link Reference} */ public abstract Manifest newManifest(List references); /** * Creates a Manifest containing the specified * list of {@link Reference}s and optional id. * * @param references a list of one or more References. The list * is defensively copied to protect against subsequent modification. * @param id the id (may be null) * @return a Manifest * @throws NullPointerException if references is * null * @throws IllegalArgumentException if references is empty * @throws ClassCastException if references contains any * entries that are not of type {@link Reference} */ public abstract Manifest newManifest(List references, String id); /** * Creates a SignatureProperty containing the specified * list of {@link XMLStructure}s, target URI and optional id. * * @param content a list of one or more XMLStructures. The list * is defensively copied to protect against subsequent modification. * @param target the target URI of the Signature that this property applies * to * @param id the id (may be null) * @return a SignatureProperty * @throws NullPointerException if content or * target is null * @throws IllegalArgumentException if content is empty * @throws ClassCastException if content contains any * entries that are not of type {@link XMLStructure} */ public abstract SignatureProperty newSignatureProperty (List content, String target, String id); /** * Creates a SignatureProperties containing the specified * list of {@link SignatureProperty}s and optional id. * * @param properties a list of one or more SignaturePropertys. * The list is defensively copied to protect against subsequent * modification. * @param id the id (may be null) * @return a SignatureProperties * @throws NullPointerException if properties * is null * @throws IllegalArgumentException if properties is empty * @throws ClassCastException if properties contains any * entries that are not of type {@link SignatureProperty} */ public abstract SignatureProperties newSignatureProperties (List properties, String id); // Algorithm factory methods /** * Creates a DigestMethod for the specified algorithm URI * and parameters. * * @param algorithm the URI identifying the digest algorithm * @param params algorithm-specific digest parameters (may be * null) * @return the DigestMethod * @throws InvalidAlgorithmParameterException if the specified parameters * are inappropriate for the requested algorithm * @throws NoSuchAlgorithmException if an implementation of the * specified algorithm cannot be found * @throws NullPointerException if algorithm is * null */ public abstract DigestMethod newDigestMethod(String algorithm, DigestMethodParameterSpec params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; /** * Creates a SignatureMethod for the specified algorithm URI * and parameters. * * @param algorithm the URI identifying the signature algorithm * @param params algorithm-specific signature parameters (may be * null) * @return the SignatureMethod * @throws InvalidAlgorithmParameterException if the specified parameters * are inappropriate for the requested algorithm * @throws NoSuchAlgorithmException if an implementation of the * specified algorithm cannot be found * @throws NullPointerException if algorithm is * null */ public abstract SignatureMethod newSignatureMethod(String algorithm, SignatureMethodParameterSpec params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; /** * Creates a Transform for the specified algorithm URI * and parameters. * * @param algorithm the URI identifying the transform algorithm * @param params algorithm-specific transform parameters (may be * null) * @return the Transform * @throws InvalidAlgorithmParameterException if the specified parameters * are inappropriate for the requested algorithm * @throws NoSuchAlgorithmException if an implementation of the * specified algorithm cannot be found * @throws NullPointerException if algorithm is * null */ public abstract Transform newTransform(String algorithm, TransformParameterSpec params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; /** * Creates a Transform for the specified algorithm URI * and parameters. The parameters are specified as a mechanism-specific * XMLStructure (ex: {@link DOMStructure}). This method is * useful when the parameters are in XML form or there is no standard * class for specifying the parameters. * * @param algorithm the URI identifying the transform algorithm * @param params a mechanism-specific XML structure from which to * unmarshal the parameters from (may be null if * not required or optional) * @return the Transform * @throws ClassCastException if the type of params is * inappropriate for this XMLSignatureFactory * @throws InvalidAlgorithmParameterException if the specified parameters * are inappropriate for the requested algorithm * @throws NoSuchAlgorithmException if an implementation of the * specified algorithm cannot be found * @throws NullPointerException if algorithm is * null */ public abstract Transform newTransform(String algorithm, XMLStructure params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; /** * Creates a CanonicalizationMethod for the specified * algorithm URI and parameters. * * @param algorithm the URI identifying the canonicalization algorithm * @param params algorithm-specific canonicalization parameters (may be * null) * @return the CanonicalizationMethod * @throws InvalidAlgorithmParameterException if the specified parameters * are inappropriate for the requested algorithm * @throws NoSuchAlgorithmException if an implementation of the * specified algorithm cannot be found * @throws NullPointerException if algorithm is * null */ public abstract CanonicalizationMethod newCanonicalizationMethod( String algorithm, C14NMethodParameterSpec params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; /** * Creates a CanonicalizationMethod for the specified * algorithm URI and parameters. The parameters are specified as a * mechanism-specific XMLStructure (ex: {@link DOMStructure}). * This method is useful when the parameters are in XML form or there is * no standard class for specifying the parameters. * * @param algorithm the URI identifying the canonicalization algorithm * @param params a mechanism-specific XML structure from which to * unmarshal the parameters from (may be null if * not required or optional) * @return the CanonicalizationMethod * @throws ClassCastException if the type of params is * inappropriate for this XMLSignatureFactory * @throws InvalidAlgorithmParameterException if the specified parameters * are inappropriate for the requested algorithm * @throws NoSuchAlgorithmException if an implementation of the * specified algorithm cannot be found * @throws NullPointerException if algorithm is * null */ public abstract CanonicalizationMethod newCanonicalizationMethod( String algorithm, XMLStructure params) throws NoSuchAlgorithmException, InvalidAlgorithmParameterException; /** * Returns a KeyInfoFactory that creates KeyInfo * objects. The returned KeyInfoFactory has the same * mechanism type and provider as this XMLSignatureFactory. * * @return a KeyInfoFactory * @throws NoSuchMechanismException if a KeyFactory * implementation with the same mechanism type and provider * is not available */ public final KeyInfoFactory getKeyInfoFactory() { return KeyInfoFactory.getInstance(getMechanismType(), getProvider()); } /** * Unmarshals a new XMLSignature instance from a * mechanism-specific XMLValidateContext instance. * * @param context a mechanism-specific context from which to unmarshal the * signature from * @return the XMLSignature * @throws NullPointerException if context is * null * @throws ClassCastException if the type of context is * inappropriate for this factory * @throws MarshalException if an unrecoverable exception occurs * during unmarshalling */ public abstract XMLSignature unmarshalXMLSignature (XMLValidateContext context) throws MarshalException; /** * Unmarshals a new XMLSignature instance from a * mechanism-specific XMLStructure instance. * This method is useful if you only want to unmarshal (and not * validate) an XMLSignature. * * @param xmlStructure a mechanism-specific XML structure from which to * unmarshal the signature from * @return the XMLSignature * @throws NullPointerException if xmlStructure is * null * @throws ClassCastException if the type of xmlStructure is * inappropriate for this factory * @throws MarshalException if an unrecoverable exception occurs * during unmarshalling */ public abstract XMLSignature unmarshalXMLSignature (XMLStructure xmlStructure) throws MarshalException; /** * Indicates whether a specified feature is supported. * * @param feature the feature name (as an absolute URI) * @return true if the specified feature is supported, * false otherwise * @throws NullPointerException if feature is null */ public abstract boolean isFeatureSupported(String feature); /** * Returns a reference to the URIDereferencer that is used by * default to dereference URIs in {@link Reference} objects. * * @return a reference to the default URIDereferencer (never * null) */ public abstract URIDereferencer getURIDereferencer(); }





© 2015 - 2024 Weber Informatics LLC | Privacy Policy